tl;dr: On systems running Smokeping, avoid curl 7.74.0 and wait for a newer release!

---

I have a few Smokeping nodes deployed here and there to keep tabs on various services. Recently, all of the curl-based probes stopped working on one of the Smokeping instances. Any probe using either the Curl.pm or AnotherCurl.pm module would immediately enter "alert" status, indicating 100% failure, and these probes would never recover to a cleared state.

The monitoring node where things went haywire is running FreeBSD 12.2, with Smokeping and curl both installed from the ports collection. It turns out there's a bug in the most recent version of curl, and updating the curl port from 7.73.0 to 7.74.0 caused Smokeping to choke. (My Linux-based Smokeping nodes avoided this fate thanks to slower release cycles for their package universes.)

The bug is that time-based statistics returned by the -w option to curl are suddenly being presented in microseconds instead of seconds, e.g. where Smokeping expects a value like 0.105208 indicating about a tenth of a second, the buggy curl 7.74.0 returns 105208 instead. There are multiple tickets filed against curl, and it looks like the next release will fix it.

Meantime, if you have an affected FreeBSD system where you've already upgraded curl to version 7.74.0, you can temporarily fix Smokeping by downgrading curl until a newer release comes along. I used portdowngrade, which can be installed from /usr/ports/ports-mgmt/portdowngrade if it's not already present.

[root@host ~]# curl --version | head -1
curl 7.74.0 (amd64-portbld-freebsd12.2) libcurl/7.74.0 OpenSSL/1.1.1h zlib/1.2.11 nghttp2/1.42.0
[root@host ~]# portdowngrade ftp/curl r557488
[root@host ~]# cd /usr/ports/curl
[root@host /usr/ports/curl]# make DISABLE_VULNERABILITIES=yes deinstall reinstall
[root@host /usr/ports/curl]# curl --version | head -1
curl 7.73.0 (amd64-portbld-freebsd12.2) libcurl/7.73.0 OpenSSL/1.1.1h zlib/1.2.11 zstd/1.4.5 nghttp2/1.42.0

---

• freebsd
• smokeping